Add CI/CD infrastructure for animaltrack

New services:
- animaltrack.hcl: Python app with health checks and auto_revert
- act-runner.hcl: Gitea Actions runner on Nomad

New infrastructure:
- nix-runner/: Custom Nix Docker image for CI with modern Nix,
  local cache (c3), and bundled tools (skopeo, jq, etc.)

Modified:
- gitea.hcl: Enable Gitea Actions

The CI workflow (in animaltrack repo) builds Docker images with Nix,
pushes to Gitea registry, and triggers Nomad deployments with
automatic rollback on health check failure.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

services/gitea.hcl

@@ -19,7 +19,9 @@ job "gitea" {
       driver = "docker"
 
       config {
-        image = "gitea/gitea:latest-rootless"
+        # TODO: revert to latest once 1.25.1+ is released
+        #image = "gitea/gitea:latest-rootless"
+        image = "gitea/gitea:1.25-nightly-rootless"
         ports = [
           "http",
           "ssh",
@@ -42,6 +44,8 @@ job "gitea" {
         GITEA__mailer__FROM = "gitea@paler.net"
         GITEA__mailer__PROTOCOL = "smtp"
         GITEA__mailer__SMTP_ADDR = "192.168.1.1"
+        GITEA__actions__ENABLED = "true"
+        GITEA__actions__DEFAULT_ACTIONS_URL = "https://gitea.com"
       }
 
       service {